Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //BEGIN Include Common Data
- include_once ("common.php");
- //END Include Common Data
- //sanitize your input, or your ass is getting hacked
- $username = mysql_real_escape_string($_POST['username']);
- $password = md5($_POST['password']); //assuming you're using md5s
- function validateAuth($username,$password){
- //i made this a function simply because it's cleaner to put the conditionals all here rather than below
- //if you want more detailed return codes, go ahead and put them in ("bad password", "account expired", etc)
- //except don't actually return a string, i'd return an integer and use a lookup table
- $query = mysql_query("SELECT * FROM useraccounts WHERE `username`='$username' AND `password`='$password'");
- if(mysql_num_rows($query)){
- //username/password were correct, let's make sure their account is activated
- $r = mysql_fetch_assoc($query);
- if($r['Admin'] == '1'){
- return true;
- //admins need no further validation
- }
- if($r['AccountStart'] >= time() && $r['AccountEnd'] <= time()){
- return true;
- //yep, it's active
- }
- return false;
- //not admin and expired/not yet active
- }
- else{
- return false;
- //bad username/password combo
- }
- }
- if(validateAuth($username,$password)){
- //set cookies and whatever, log them in
- echo "LOL U LOGGED IN :D";
- }
- else{
- //do error stuff
- echo "LOL U FAIL D:";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement